Snort mailing list archives
Re: snort3-x509-reputation-plugin released in github
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 6 Jun 2016 20:12:34 +0000
This is fantastic, thanks Juliusz. I am sure that the dev team will take a look!

--
Joel Esler
Manager, Talos Group
On Jun 6, 2016, at 4:54 AM, Juliusz Brzostek <Juliusz.Brzostek () cert pl> wrote:

> Hello,
>
> CERT Polska has released one of its internal projects - an x509 certificate reputation plugin for Snort++.
>
> The plugin can detect/verify malicious traffic at the application level (SSL tunnels). It can be used in LAN and WAN as well, depending on expectations.
>
> Its flexible configuration allows it to be used in many scenarios, for instance:
> 1. detect/block blacklisted SSL certificates,
> 2. detect flows with certificates other than whitelisted (could be helpful to establish a very restrictive LAN policy)
> 3. it is possible to create many different rules depending e.g. on the white/black list source of information etc.
>
> See the project on github: https://github.com/CERT-Polska/snort3-x509-reputation-plugin
>
> --
> Regards
> Juliusz Brzostek
> cert.pl
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
> Please visit http://blog.snort.org for the latest news about Snort!
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- snort3-x509-reputation-plugin released in github Juliusz Brzostek (Jun 06)
- <Possible follow-ups>
- snort3-x509-reputation-plugin released in github Juliusz Brzostek (Jun 06)
- Re: snort3-x509-reputation-plugin released in github Joel Esler (jesler) (Jun 06)